Security is a hot topic. Ensuring that your websites are secure is extremely important for any web application. In fact, I spend 70% of my time securing my applications. One of the most important things we must secure are forms. Today, we are going to review a method to prevent XSS (Cross-site scripting) and Cross-site request forgery on forms.
PHP form input validation is what separates amateur and professional PHP developers. A professional PHP developer validates data for both security and correctness of the data entered. Keep reading to learn how to validate user input to your forms.
A web user see this warning when he try to revisit a page using browser’s history mechanism and the page has requested by POST requested method. If he accepts this, browser sends again the POST method request data. Here is a simple solution for this common problem.
Alright, so I've done a little work and decided to go through this step by step, because in all actuality everything helps when you're trying to learn a new programming language. For this project, I needed a form to send an email to the client once it's been validated and checked to be ok. Sounds simple enough in PHP in fact I had it working in about 15 minutes. The only problem was, it was boring. And the user had to wait for it to be submitted then after they were sent to another page rather than the home page, and I didn't like that. So I decided to spice things up a bit with a little AJAX and a few effects from Scriptaculous. So let's dive into exactly how I did it.
As its name suggests, the PHP Extension and Application Repository (PEAR) library called HTML_QuickForm can be used to quickly and cleanly to produce validating HTML forms, relieving the developer of the tedium that often accompanies such tasks. HTML_QuickForm provides developers with a declarative approach to defining form fields and their associated validation rules and automatically generates the necessary HTML and JavaScript code needed to display the form accordingly. HTML_QuickForm also automatically validates submitted forms as indicated and allows developers to define a function that further handles valid submissions.
This tutorial presents a basic implementation of HTML_QuickForm to produce a common email contact form and explores ways to get the most from this powerful library.
I hate typing, but I like writing code. A while ago I started to dread all the rote typing required to handle forms in PHP, and began looking for a Better Way. This article describes how I used PHP's regular expression functions to do most of the heavy lifting required to process forms properly, saving lots of typing and giving me time to do stuff I don't hate, such as writing code (and playing NetHack).
Welcome to the last part of the series "Building a PHP 5 form processor." In three parts, this series goes through the development of an extensible form processor package in PHP 5, explaining its benefits and demonstrating its implementation.
Excerpted from Chapter 4: Interacting with Web Forms in the PHP Phrasebook by Christian Wenz. ISBN 0672328178, Copyright © 2005. Used with the permission of Sams Publishing.
When it comes to prefilling form elements, multiple selection lists are the most difficult ones to implement. This is because in $_GET or $_POST, you have an array of chosen options; so you cannot just compare strings, but you have to search for the specified value in the array. Luckily, PHP offers something suitable in the form of the in_array() function. So, the effort required is not much more than with the other form elements: If the current value is in $_GET/$_POST, print out the selected attribute.
In this second part of a three-part series, we take up the topic of server-side validation. By the time you finish this article, you'll have the general guidelines for how to build a form validating class. You'll use some PHP built-in introspection functions, along with regular expressions, to assist you in building this class.
Excerpted from Chapter 4: Interact with Web Forms from the PHP Phrasebook by Christian Wenz. ISBN 0672328178, Copyright © 2005. Used with the permission of Sams Publishing.
Interacting with Web Forms
HTML forms are one of the key ingredients of any dynamic website because they can enable the users of a site to interact with it. Otherwise, websites are more or less static:They may be driven by a database and, therefore, regularly changing, but they look the same for each and every visitor. HTML forms can change that; therefore, using data from forms from within PHP is very important.
